TWI783176B - Method for managing secure library supporting data storage, and associated electronic device - Google Patents
Method for managing secure library supporting data storage, and associated electronic device Download PDFInfo
- Publication number
- TWI783176B TWI783176B TW108134225A TW108134225A TWI783176B TW I783176 B TWI783176 B TW I783176B TW 108134225 A TW108134225 A TW 108134225A TW 108134225 A TW108134225 A TW 108134225A TW I783176 B TWI783176 B TW I783176B
- Authority
- TW
- Taiwan
- Prior art keywords
- area
- data
- program library
- processor
- port
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/0623—Securing storage systems in relation to content
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/0644—Management of space entities, e.g. partitions, extents, pools
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0655—Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
- G06F3/0659—Command handling arrangements, e.g. command buffers, queues, command scheduling
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0673—Single storage device
- G06F3/0679—Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Human Computer Interaction (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Automation & Control Theory (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
Description
本發明有關於電子產品的控制,尤其關於一種用來管理支援資料儲存的安全程式庫(secure library)的方法與電子裝置。 The present invention relates to the control of electronic products, in particular to a method and electronic device for managing a secure library supporting data storage.
相關技術中的程式庫(library)可儲存程式碼(program code),以供進一步使用。例如,這些程式碼可被執行,但無法被用戶讀取或改寫。方案商(solution provider)可販賣已預先燒錄這些程式碼的積體電路產品給系統廠商,以供進行二次開發。由於這些程式碼無法被讀取或改寫,這樣的機制有助於保護這些程式碼不被竊取,以維持這樣的商業模式。然而,可能發生某些問題。例如,相關技術中的程式庫只能存放指令。於典型情況下,資料必須存放在其它的地方。在二次開發的期間,這些資料可能被無意間破壞,甚至被故意竄改。因此,需要一種新穎的架構,以改進保護機制且提升電子系統的整體效能。 A program library in the related art can store program codes for further use. For example, the code can be executed but cannot be read or written by the user. A solution provider can sell integrated circuit products pre-programmed with these codes to system manufacturers for secondary development. Since these codes cannot be read or rewritten, such a mechanism helps to protect these codes from being stolen to maintain such a business model. However, certain problems may occur. For example, the program library in the related art can only store instructions. Typically, data must be stored elsewhere. During the secondary development, these materials may be destroyed unintentionally, or even tampered with intentionally. Therefore, a novel architecture is needed to improve the protection mechanism and enhance the overall performance of the electronic system.
本發明的一目的在於提供一種用來管理支援資料儲存的安全程式庫(secure library)的方法與電子裝置,以解決上述問題。 An object of the present invention is to provide a method and electronic device for managing a secure library supporting data storage, so as to solve the above-mentioned problems.
本發明的另一目的在於提供一種用來管理支援資料儲存的安全程式 庫的方法與電子裝置,以改進保護機制且達到電子裝置的優化(optimal)效能。 Another object of the present invention is to provide a secure program for managing support data storage The method of the library and the electronic device are used to improve the protection mechanism and achieve the optimal performance of the electronic device.
本發明的至少一實施例提供一種用來管理支援資料儲存的安全程式庫的方法,其中所述方法可應用於一電子裝置。所述方法可包含:分別將一非揮發性記憶體中的一安全程式庫區中的至少一第一子區與至少一第二子區配置成為所述安全程式庫的一指令區與一資料區,其中於所述安全程式庫被啟用(enable)以前,屬於所述安全程式庫的預定指令與預定資料透過至少一處理器的一資料埠(data port)分別被寫入所述指令區與所述資料區,以於所述安全程式庫區中建立所述安全程式庫,以及所述至少一處理器與所述非揮發性記憶體是位於所述電子裝置中;於所述安全程式庫被啟用以後,利用一記憶體控制器禁止任何寫入操作以及任何抹除(erase)操作被施加於(applied to)所述安全程式庫區,以保護分別位於所述指令區與所述資料區的所述預定指令與所述預定資料,其中所述記憶體控制器是位於所述電子裝置中;以及於所述安全程式庫被啟用以後,利用所述至少一處理器分別透過所述至少一處理器的一指令埠(instruction port)與所述資料埠,讀取所述指令區與所述資料區。依據某些實施例,所述預定指令可包含至少一函數(function),並且所述預定資料可包含所述至少一函數的常量(constant)。 At least one embodiment of the present invention provides a method for managing a secure library supporting data storage, wherein the method is applicable to an electronic device. The method may include: respectively configuring at least one first subarea and at least one second subarea in a secure program library area in a non-volatile memory as a command area and a data of the secure program library area, wherein before the safety program library is enabled (enable), predetermined instructions and predetermined data belonging to the safety program library are respectively written into the instruction area and the predetermined data through a data port (data port) of at least one processor the data area for establishing the secure program library in the secure program library area, and the at least one processor and the non-volatile memory are located in the electronic device; in the secure program library After being enabled, a memory controller is used to prohibit any writing operation and any erasing (erase) operation from being applied to (applied to) the secure library area to protect the command area and the data area respectively The predetermined instruction and the predetermined data, wherein the memory controller is located in the electronic device; and after the security library is activated, use the at least one processor to pass the An instruction port of the processor and the data port read the instruction area and the data area. According to some embodiments, the predetermined instruction may include at least one function, and the predetermined data may include a constant of the at least one function.
本發明的至少一實施例提供一種電子裝置。所述電子裝置可包含至少一處理器、一非揮發性記憶體以及一記憶體控制器,且所述至少一處理器具有一資料埠與一指令埠,其中所述記憶體控制器耦接至所述至少一處理器與所述非揮發性記憶體。所述至少一處理器可用來控制所述電子裝置的操作,且所述非揮發性記憶體可用來為所述電子裝置儲存資訊且提供支援資料儲存的安全程式庫給所述電子裝置。另外,所述記憶體控制器可用來分別將所述非揮發性記憶體中的一安全程式庫區中的至少一第一子區與至少一第二子區配置成為所述安全程式庫的一指令區與一資料區,其中於所述安全程式庫被啟用以前,屬 於所述安全程式庫的預定指令與預定資料透過所述至少一處理器的所述資料埠分別被寫入所述指令區與所述資料區,以於所述安全程式庫區中建立所述安全程式庫。例如:於所述安全程式庫被啟用以後,所述記憶體控制器禁止任何寫入操作以及任何抹除操作被施加於所述安全程式庫區,以保護分別位於所述指令區與所述資料區的所述預定指令與所述預定資料;以及於所述安全程式庫被啟用以後,所述至少一處理器分別透過所述至少一處理器的所述指令埠與所述資料埠,讀取所述指令區與所述資料區。依據某些實施例,所述預定指令可包含至少一函數,並且所述預定資料可包含所述至少一函數的常量。 At least one embodiment of the invention provides an electronic device. The electronic device may include at least one processor, a non-volatile memory, and a memory controller, and the at least one processor has a data port and an instruction port, wherein the memory controller is coupled to the The at least one processor and the non-volatile memory. The at least one processor can be used to control the operation of the electronic device, and the non-volatile memory can be used to store information for the electronic device and provide a secure library for supporting data storage to the electronic device. In addition, the memory controller can be used to respectively configure at least one first sub-area and at least one second sub-area in a secure program library area in the non-volatile memory as a part of the secure program library. a command area and a data area, wherein before the security library is enabled, belongs to Predetermined instructions and predetermined data in the secure library are respectively written into the instruction area and the data area through the data port of the at least one processor to create the Security library. For example: after the security program library is activated, the memory controller prohibits any write operation and any erasure operation from being applied to the security program library area, so as to protect the data located in the command area and the data respectively. the predetermined instruction and the predetermined data of the region; and after the secure program library is activated, the at least one processor reads through the instruction port and the data port of the at least one processor respectively The instruction area and the data area. According to some embodiments, the predetermined instruction may include at least one function, and the predetermined data may include a constant of the at least one function.
本發明能在不降低整體效能的狀況下實現支援資料儲存的安全程式庫,並且達到電子裝置的優化效能。 The invention can realize the safety program library supporting data storage without lowering the overall performance, and achieve the optimized performance of the electronic device.
100:電子裝置 100: Electronic device
110:處理器 110: Processor
120:記憶體控制器 120: memory controller
122:暫存器電路 122: Register circuit
124:邏輯電路 124: Logic circuit
130:非揮發性記憶體 130: Non-volatile memory
132:儲存區 132: storage area
DEBUG_PORT:除錯埠 DEBUG_PORT: Debug port
D_PORT:資料埠 D_PORT: data port
I_PORT:指令埠 I_PORT: command port
SET:設定操作 SET: set operation
W:寫入操作 W: write operation
R1、R2:讀取操作 R1, R2: read operation
sLIB_Region:安全程式庫區 sLIB_Region: secure library area
sLIB_D_Region:資料區 sLIB_D_Region: data area
sLIB_I_Region:指令區 sLIB_I_Region: instruction area
200:工作流程 200: Workflow
210、220、230:步驟 210, 220, 230: steps
第1圖為依據本發明一實施例的一種電子裝置的示意圖。 FIG. 1 is a schematic diagram of an electronic device according to an embodiment of the present invention.
第2圖繪示依據本發明一實施例的於第1圖所示的電子裝置中的記憶體控制器的實施細節。 FIG. 2 illustrates implementation details of a memory controller in the electronic device shown in FIG. 1 according to an embodiment of the present invention.
第3圖為依據本發明一實施例的一種用來管理支援資料儲存的安全程式庫的方法的控制方案。 FIG. 3 is a control scheme of a method for managing a secure library supporting data storage according to an embodiment of the present invention.
第4圖繪示依據本發明一實施例的於第3圖所示方法的工作流程。 FIG. 4 illustrates the workflow of the method shown in FIG. 3 according to an embodiment of the present invention.
第1圖為依據本發明一實施例的一種電子裝置100的示意圖。電子裝置100可包含至少一處理器(例如一或多個處理器)諸如處理器110、一記憶體控制器120以及一非揮發性記憶體130,其中上述至少一處理器諸如處理器110可
具有一除錯埠(debug port)DEBUG_PORT、一資料埠D_PORT與一指令埠I_PORT。例如,非揮發性記憶體130可為一快閃記憶體(Flash memory),但本發明不限於此。另外,記憶體控制器120可耦接至上述至少一處理器諸如處理器110與非揮發性記憶體130。尤其,處理器110可透過匯流排耦接至記憶體控制器120,以在記憶體控制器120的控制下存取(access)非揮發性記憶體130。基於第1圖所示架構,處理器110可分別透過除錯埠DEBUG_PORT、資料埠D_PORT與指令埠I_PORT進行除錯相關傳輸(例如從處理器110以外接收除錯命令或回傳(return)除錯資訊)、資料存取(例如讀取或寫入)與指令讀取。電子裝置100的例子可包含(但不限於):多功能行動電話、筆記型電腦、平板電腦、以及可穿戴裝置。
FIG. 1 is a schematic diagram of an
依據本實施例,上述至少一處理器諸如處理器110可控制電子裝置100的操作,以使電子裝置100具備各種功能。在記憶體控制器120的控制下,非揮發性記憶體130可為電子裝置100儲存資訊,且提供支援資料儲存的安全程式庫給電子裝置100,以供實現上述各種功能。由於所述安全程式庫能支援資料儲存,故本發明的保護機制能妥善地保護所述安全程式庫所需的重要資料,以確保這些重要資料不會被破壞或竄改。
According to this embodiment, the at least one processor such as the
第2圖繪示依據本發明一實施例的於第1圖所示的電子裝置100中的記憶體控制器120的實施細節。記憶體控制器120可包含一暫存器電路(register circuit)122以及一邏輯電路124,且暫存器電路122可包含多個暫存器。處理器110可透過資料埠D_PORT進行設定操作SET、寫入操作W以及讀取操作R1,尤其,對暫存器電路122進行設定操作SET以及在邏輯電路124的控制下對非揮發性記憶體130進行寫入操作W以及讀取操作R1。另外,處理器110可透過指令埠I_PORT在邏輯電路124的控制下對非揮發性記憶體130進行讀取操作R2。舉例來說,上述至少一處理器諸如處理器110可透過資料埠D_PORT對暫存器電路122
進行設定操作SET以指定非揮發性記憶體130中的儲存區132的多個子區的各自的各種存取限制,使邏輯電路124依據設定操作SET的設定結果(例如儲存在暫存器電路122中的設定結果)來控制寫入操作W以及讀取操作R1與R2的各自的權限,但本發明不限於此。依據本實施例,記憶體控制器120可透過比對存取位址的方式來限制存取,使所述安全程式庫支援資料儲存,並且可以只允許資料埠D_PORT讀取所述安全程式庫中的重要資料,以維持所述安全程式庫的保護功能。這可帶來許多好處。舉例來說,假設只是以延遲的方式來暫時屏蔽不許可的資料埠存取,延遲時間與處理器架構之間的相依性可造成程式庫內容的不安全,尤其,若透過其它主控(master)裝置諸如直接記憶體存取(Direct Memory Access,DMA)電路發動讀取則有漏洞。本發明的架構能完全避免這些問題。
FIG. 2 illustrates implementation details of the
第3圖為依據本發明一實施例的一種用來管理支援資料儲存的安全程式庫的方法的控制方案。所述方法可應用於第1圖所示的電子裝置100,尤其,可應用於上述至少一處理器諸如處理器110、記憶體控制器120與非揮發性記憶體130。如第3圖所示,儲存區132可包含一安全程式庫區sLIB_Region與其它區(例如系統廠商專用區、用戶區等),並且安全程式庫區sLIB_Region可包含一指令區sLIB_I_Region與一資料區sLIB_D_Region。於所述安全程式庫被啟用以前,例如在第1圖所示架構中的積體電路(例如包含處理器110、記憶體控制器120、非揮發性記憶體130與匯流排的積體電路產品)的一生產階段期間,上述至少一處理器諸如處理器110可將屬於所述安全程式庫的預定指令與預定資料透過資料埠D_PORT分別寫入指令區sLIB_I_Region與資料區sLIB_D_Region,以於安全程式庫區sLIB_Region中建立所述安全程式庫。例如,於所述安全程式庫被啟用以後,記憶體控制器120禁止任何針對安全程式庫區sLIB_Region的修改,以保護分別位於指令區sLIB_I_Region與資料區sLIB_D_Region的所述預定指令與所述預定資料。依據某些觀點,安全程式庫區sLIB_Region可代表所述安全程式庫,但本發
明並不限於此。
FIG. 3 is a control scheme of a method for managing a secure library supporting data storage according to an embodiment of the present invention. The method can be applied to the
第4圖繪示依據本發明一實施例的於第3圖所示方法的工作流程200。為了便於理解,電子裝置100(例如上述至少一處理器諸如處理器110、記憶體控制器120與非揮發性記憶體130)可在上述積體電路(例如包含處理器110、記憶體控制器120、非揮發性記憶體130與匯流排的所述積體電路產品)的所述生產階段的至少一後續階段(例如一或多個後續階段)的期間進行步驟210、220與230的操作中的至少一部分(例如一部分或全部),且可在執行步驟210以前進行所述生產階段中的操作,但本發明並不限於此。舉例來說,上述至少一後續階段可包含一第一後續階段諸如二次開發階段,尤其,可還包含一第二後續階段諸如用戶階段。於所述安全程式庫被啟用以後,不論在這些後續階段中的哪一個階段,依據所述方法來操作的電子裝置100能妥善地保護所述安全程式庫所需的重要資料,以確保這些重要資料不會被破壞或竄改。
FIG. 4 illustrates a
在步驟210中,電子裝置100(例如記憶體控制器120)可分別將非揮發性記憶體130中的安全程式庫區sLIB_Region中的至少一第一子區(例如一或多個第一子區)與至少一第二子區(例如一或多個第二子區)配置成為所述安全程式庫的指令區sLIB_I_Region與資料區sLIB_D_Region,其中於所述安全程式庫被啟用以前,屬於所述安全程式庫的所述預定指令與所述預定資料透過處理器110的資料埠D_PORT分別被寫入指令區sLIB_I_Region與資料區sLIB_D_Region,以於安全程式庫區sLIB_Region中建立所述安全程式庫。
In
在步驟220中,於所述安全程式庫被啟用以後,電子裝置100可利用記憶體控制器120禁止任何寫入操作以及任何抹除操作被施加於安全程式庫區sLIB_Region,以保護分別位於指令區sLIB_I_Region與資料區sLIB_D_Region的所述預定指令與所述預定資料。
In
在步驟230中,於所述安全程式庫被啟用以後,電子裝置100可利用
處理器110分別透過處理器110的指令埠I_PORT與資料埠D_PORT,讀取指令區sLIB_I_Region與資料區sLIB_D_Region。
In
針對資料埠D_PORT,例如透過資料埠D_PORT的操作,電子裝置100可利用記憶體控制器120允許讀取資料區sLIB_D_Region,而非指令區sLIB_I_Region。尤其,電子裝置100可利用記憶體控制器120禁止上述至少一處理器諸如處理器110透過資料埠D_PORT讀取指令區sLIB_I_Region。另外,電子裝置100可利用記憶體控制器120允許上述至少一處理器諸如處理器110透過指令埠I_PORT讀取指令區sLIB_I_Region。例如,電子裝置100可利用記憶體控制器120禁止上述至少一處理器諸如處理器110透過任何其它埠讀取指令區sLIB_I_Region,其中所述任何其它埠包含資料埠D_PORT。又例如,電子裝置100可利用記憶體控制器120禁止電子裝置100中的任何其它元件讀取指令區sLIB_I_Region。為了簡明起見,本實施例與前述實施例相仿的內容在此不重複贅述。
For the data port D_PORT, for example, through the operation of the data port D_PORT, the
依據某些實施例,在所述生產階段的期間,上述方案商可透過一生產工具觸發(trigger)於安全程式庫區sLIB_Region中建立所述安全程式庫(例如將所述預定指令與所述預定資料透過資料埠D_PORT分別寫入指令區sLIB_I_Region與資料區sLIB_D_Region),尤其,透過所述生產工具啟用所述安全程式庫,並且可將上述積體電路(例如包含處理器110、記憶體控制器120、非揮發性記憶體130與匯流排的所述積體電路產品)販賣給上述系統廠商,以供所述系統廠商在二次開發階段的期間進行二次開發。於所述系統廠商完成所述二次開發以後,所述系統廠商可將電子裝置100販賣給用戶,以供所述用戶在所述用戶階段的期間使用。為了簡明起見,這些實施例與前述實施例相仿的內容在此不重複贅述。
According to some embodiments, during the production stage, the above-mentioned solution provider can trigger (trigger) through a production tool to create the secure library in the secure library area sLIB_Region (for example, combine the predetermined command with the predetermined Data are respectively written into the instruction area sLIB_I_Region and the data area sLIB_D_Region through the data port D_PORT), especially, the safety program library is enabled through the production tool, and the above-mentioned integrated circuit (such as including the
依據某些實施例,所述預定指令可包含至少一函數(例如一或多個 函數)諸如函數Function_A(),並且所述預定資料可包含上述至少一函數的常量,諸如函數Function_A()的常量。例如,函數Function_A()可具有下列格式:Function_A(){...}其中上列格式中的符號“...”可代表函數Function_A()的內容,但本發明不限於此。另外,所述系統廠商在所述二次開發階段的期間所開發的程式可被儲存於所述其它區(例如所述系統廠商專用區)中,且可包含至少一其它函數(例如一或多個其它函數),諸如呼叫函數Function_A()的函數Function_B()。例如,函數Function_B()可具有下列格式:Function_B(){Function_A();…}其中上列格式中的符號“...”可代表函數Function_B()的內容,但本發明不限於此。為了簡明起見,這些實施例與前述實施例相仿的內容在此不重複贅述。 According to some embodiments, the predetermined instruction may include at least one function (such as one or more function) such as the function Function_A(), and the predetermined data may include constants of at least one function, such as the constants of the function Function_A(). For example, the function Function_A() may have the following format: Function_A(){...} where the symbol "..." in the above format may represent the content of the function Function_A(), but the present invention is not limited thereto. In addition, the programs developed by the system manufacturer during the secondary development stage may be stored in the other area (such as the system manufacturer dedicated area), and may include at least one other function (such as one or more other functions), such as a function Function_B() that calls a function Function_A(). For example, the function Function_B() may have the following format: Function_B(){Function_A();...} where the symbol "..." in the above format may represent the content of the function Function_B(), but the present invention is not limited thereto. For the sake of brevity, the content of these embodiments that are similar to the foregoing embodiments will not be repeated here.
以上所述僅為本發明之較佳實施例,凡依本發明申請專利範圍所做之均等變化與修飾,皆應屬本發明之涵蓋範圍。 The above descriptions are only preferred embodiments of the present invention, and all equivalent changes and modifications made according to the scope of the patent application of the present invention shall fall within the scope of the present invention.
110:處理器 110: Processor
120:記憶體控制器 120: memory controller
130:非揮發性記憶體 130: Non-volatile memory
132:儲存區 132: storage area
DEBUG_PORT:除錯埠 DEBUG_PORT: Debug port
D_PORT:資料埠 D_PORT: data port
I_PORT:指令埠 I_PORT: command port
W:寫入操作 W: write operation
R1、R2:讀取操作 R1, R2: read operation
sLIB_Region:安全程式庫區 sLIB_Region: secure library area
sLIB_D_Region:資料區 sLIB_D_Region: data area
sLIB_I_Region:指令區 sLIB_I_Region: instruction area
Claims (10)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910782325.2 | 2019-08-23 | ||
CN201910782325.2A CN112417528A (en) | 2019-08-23 | 2019-08-23 | Method and electronic device for managing security library supporting data storage |
Publications (2)
Publication Number | Publication Date |
---|---|
TW202109332A TW202109332A (en) | 2021-03-01 |
TWI783176B true TWI783176B (en) | 2022-11-11 |
Family
ID=74645327
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW108134225A TWI783176B (en) | 2019-08-23 | 2019-09-23 | Method for managing secure library supporting data storage, and associated electronic device |
Country Status (3)
Country | Link |
---|---|
US (1) | US20210055870A1 (en) |
CN (1) | CN112417528A (en) |
TW (1) | TWI783176B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW201805817A (en) * | 2016-08-04 | 2018-02-16 | 旺宏電子股份有限公司 | Electronic apparatus, memory apparatus and operation method thereof |
US20180278418A1 (en) * | 2016-08-04 | 2018-09-27 | Macronix International Co., Ltd. | Physical unclonable function for security key |
CN108958650A (en) * | 2017-05-22 | 2018-12-07 | 旺宏电子股份有限公司 | Electronic system and its operating method |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004287541A (en) * | 2003-03-19 | 2004-10-14 | Matsushita Electric Ind Co Ltd | Nonvolatile memory access control system |
US8316192B2 (en) * | 2009-10-08 | 2012-11-20 | Honeywell International Inc. | Multiple-port memory systems and methods |
EP2372538A1 (en) * | 2010-03-23 | 2011-10-05 | ST-Ericsson SA | Processing IC with embedded non volatile memory |
US9395993B2 (en) * | 2013-07-29 | 2016-07-19 | Intel Corporation | Execution-aware memory protection |
CN107734176A (en) * | 2017-10-25 | 2018-02-23 | 深圳市金立通信设备有限公司 | Loss guard method, terminal and the computer-readable recording medium of mobile terminal |
-
2019
- 2019-08-23 CN CN201910782325.2A patent/CN112417528A/en active Pending
- 2019-09-23 TW TW108134225A patent/TWI783176B/en active
-
2020
- 2020-01-21 US US16/747,539 patent/US20210055870A1/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW201805817A (en) * | 2016-08-04 | 2018-02-16 | 旺宏電子股份有限公司 | Electronic apparatus, memory apparatus and operation method thereof |
US20180278418A1 (en) * | 2016-08-04 | 2018-09-27 | Macronix International Co., Ltd. | Physical unclonable function for security key |
CN108958650A (en) * | 2017-05-22 | 2018-12-07 | 旺宏电子股份有限公司 | Electronic system and its operating method |
Also Published As
Publication number | Publication date |
---|---|
US20210055870A1 (en) | 2021-02-25 |
TW202109332A (en) | 2021-03-01 |
CN112417528A (en) | 2021-02-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104011733B (en) | There is during system pre-boot the secure data protection of the read only memory locking of improvement | |
US20060195686A1 (en) | Startup program execution method, device, storage medium, and program | |
CN110908932B (en) | Data processing apparatus and data protection method thereof | |
WO2017020647A1 (en) | Novel storage-based embedded file system and realization method thereof | |
KR20150033695A (en) | Memory protection | |
JP6157637B2 (en) | Virtual boundary code in the data image of the read / write memory device | |
JP2008009721A (en) | Evaluation system and evaluation method thereof | |
TW201706856A (en) | Central processing unit with enhanced instruction set | |
US9542113B2 (en) | Apparatuses for securing program code stored in a non-volatile memory | |
CN107567629A (en) | Dynamic firmware module loader in credible performing environment container | |
US8914602B2 (en) | Display controller having an embedded non-volatile memory divided into a program code block and a data block and method for updating parameters of the same | |
KR20060002664A (en) | Apparatus and method for controlling memory address mapping in embedded system | |
KR20050108637A (en) | Memory system for safely loading main data and method for loading main data | |
CN116578327B (en) | Program updating method and device, electronic equipment and storage medium | |
CN113557500A (en) | Multi-mode protected memory | |
TWI783176B (en) | Method for managing secure library supporting data storage, and associated electronic device | |
US6738887B2 (en) | Method and system for concurrent updating of a microcontroller's program memory | |
US20200110713A1 (en) | Method of access to a memory | |
KR20180066601A (en) | Method of driving memory system | |
CN104765626A (en) | Firmware program writing method and device | |
JPH09146774A (en) | Personal computer system | |
JP2005107608A (en) | Electronic device, nonvolatile memory, and method for rewriting data of nonvolatile memory | |
JP2007513421A (en) | Method for controlling access in flash memory and system for implementation of such method | |
JP2007328825A (en) | Memory system | |
TWI747270B (en) | Method for performing configuration management, and associated data storage device and controller thereof |